In a Disaster, Hold Your Vendors to 3 Standards for Data Security

In the wake of Hurricane Harvey, the team at InstaMed is keeping the people of Houston, and all those impacted by the storm, in our thoughts. If you’d like to help, join us in donating to the Texas Diaper Bank, which is distributing free diapers to shelters and families impacted by Harvey.

Whenever a natural disaster occurs, any data centers that are located in the area of impact are at risk of experiencing an outage, which could potentially affect the entire country, or even the world. A data center is a large group of networked computer servers typically used by organizations for the remote storage, processing or distribution of large amounts of data. If a data center experiences an outage, any person or organization connected to that data will be affected.

The average total cost per minute of an unplanned outage increased from $5,617 in 2010 to $7,908 in 2013 to $8,851 in 2016.

The average cost of a data center outage rose from $505,502 in 2010 to $690,204 in 2013 to $740,357 in 2016. This represents a 38% increase in the cost of downtime since 2010.

Maximum downtime costs are rising faster than average, increasing 81% since 2010 to a current high of $2,409,991.

The best way to protect against a data center outage is to have a solid disaster recovery plan in place. To ensure your organization is protected, ask the systems and vendors you work with to share their detailed disaster recovery plan. A good plan will go above commonly accepted standards to guarantee that data is protected in any event.

Having a data recovery site in close proximity to the primary site will likely be ineffective in the event of a natural disaster. Instead, disaster recovery sites should be spread out across geographical regions.

Standard #2: Support offsite backups.
Higher Standard: Support a site that replicates the primary site and is “ready to go” at any time.

Beware of vendors who take a very low-cost approach to disaster recovery. They may back up their data offsite, but it would take days or weeks to bring the site online. Ask your vendor for their detailed disaster recovery plan. If it includes contracting an IT company for equipment rental in the event of an emergency, that equipment can take days or weeks to arrive, with no guarantee it will work. This can greatly affect the recovery time objectives (RTO) and recovery point objectives (RPO).

RTO: how long it will take to restore services from when a disaster is declared

RPO: how far back the point of data restore is from when a disaster is declared

The best practice is to have a site exactly like the primary site “ready to go” at any time, with an RTO and RPO of a few hours or less. This requires a significant investment, so many vendors cut corners.

Standard #3: Have a documented business continuity plan.
Higher Standard: Ensure the human factor is included.

Business continuity plans need to go beyond just the technology and data. They should include having multiple business locations with adequate, trained staff capable of handling non-IT related business functions, like customer service. Your systems vendor should not be relying on relocating any staff to another location, as this may not be possible during a natural disaster.
